max-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). scripts/search.py fetches live web search results from the public Tavily API (https://api.tavily.com/search) and those raw results are inserted into the LLM synthesis prompt (see build_synthesis_prompt / SKILL.md "Search_Context" and Step 3), which the model is explicitly instructed to prioritize—therefore untrusted third‑party content can materially influence the agent's outputs.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill makes runtime requests to https://api.tavily.com/search and directly injects the returned search results into the LLM "Search_Context" synthesis prompt (thereby controlling agent instructions), and the script requires the Tavily API for normal search operation.